LibELF: Fix an integer overflow in Image::find_sorted_symbol

The expression address - candidate.address can yield a value that cannot safely be converted to an i32 which would result in binary_search failing to find some symbols.
Author: https://github.com/gunnarbeutner Commit: https://github.com/SerenityOS/serenity/commit/843f861f978 Pull-request: https://github.com/SerenityOS/serenity/pull/7208
2021-05-17 14:31:25 +02:00 · 2021-05-17 14:31:25 +02:00 · 843f861f97 · 2024-07-18 17:57:29 +09:00
commit 843f861f97
parent 44ceee1e14
1 changed files with 6 additions and 1 deletions
--- a/Userland/Libraries/LibELF/Image.cpp
+++ b/Userland/Libraries/LibELF/Image.cpp
@ -316,7 +316,12 @@ Image::SortedSymbol* Image::find_sorted_symbol(FlatPtr address) const

    size_t index = 0;
    binary_search(m_sorted_symbols, nullptr, &index, [&address](auto, auto& candidate) {
-        return address - candidate.address;
+        if (address < candidate.address)
+            return -1;
+        else if (address > candidate.address)
+            return 1;
+        else
+            return 0;
    });
    // FIXME: The error path here feels strange, index == 0 means error but what about symbol #0?
    if (index == 0)